Vulmon
php php 5.0 vulnerabilities and exploits
384
VMScore
CVE-2018-20150
In WordPress prior to 4.9.9 and 5.x prior to 5.0.1, crafted URLs could trigger XSS for certain use cases involving plugins.
Wordpress Wordpress
Debian Debian Linux 8.0
Debian Debian Linux 9.0
357
VMScore
CVE-2018-20152
In WordPress prior to 4.9.9 and 5.x prior to 5.0.1, authors could bypass intended restrictions on post types via crafted input.
Wordpress Wordpress
Debian Debian Linux 8.0
Debian Debian Linux 9.0
668
VMScore
CVE-2018-20148
In WordPress prior to 4.9.9 and 5.x prior to 5.0.1, contributors could conduct PHP object injection attacks via crafted metadata in a wp.getMediaItem XMLRPC call. This is caused by mishandling of serialized data at phar:// URLs in the wp_get_attachment_thumb_file function in wp-i...
Wordpress Wordpress
Debian Debian Linux 8.0
Debian Debian Linux 9.0
2 Github repositories
694
VMScore
CVE-2016-1351
The Locator/ID Separation Protocol (LISP) implementation in Cisco IOS 15.1 and 15.2 and NX-OS 4.1 up to and including 6.2 allows remote malicious users to cause a denial of service (device reload) via a crafted header in a packet, aka Bug ID CSCuu64279.
Cisco Nx-os 6.2(2a)
Cisco Nx-os 6.1(3)
Cisco Nx-os 5.1(6)
Cisco Nx-os 5.2(1)
Cisco Nx-os 6.2(12)
Cisco Nx-os 5.1(4)
Cisco Nx-os 6.2(6b)
Cisco Nx-os 5.1(5)
Cisco Ios 15.2(1)sy
Cisco Nx-os 6.0(3)
Cisco Ios 15.1(2)sy3
Cisco Ios 15.1(1)sy4
Cisco Ios 15.1(2)sy
Cisco Nx-os 4.2(8)
Cisco Ios 15.1(2)sy1
Cisco Nx-os 6.0(2)
Cisco Nx-os 4.2(3)
Cisco Nx-os 5.1(3)
Cisco Nx-os 6.1(4)
Cisco Nx-os 5.2(3a)
Cisco Nx-os 6.2(8b)
Cisco Nx-os 5.2(7)
755
VMScore
CVE-2014-2044
Incomplete blacklist vulnerability in ajax/upload.php in ownCloud prior to 5.0, when running on Windows, allows remote authenticated users to bypass intended access restrictions, upload files with arbitrary names, and execute arbitrary code via an Alternate Data Stream (ADS) synt...
Owncloud Owncloud 4.0.3
Owncloud Owncloud 4.0.0
Owncloud Owncloud
Owncloud Owncloud 4.5.12
Owncloud Owncloud 4.0.11
Owncloud Owncloud 4.5.1
Owncloud Owncloud 4.0.13
Owncloud Owncloud 4.5.11
Owncloud Owncloud 3.0.3
Owncloud Owncloud 4.0.10
Owncloud Owncloud 4.5.7
Owncloud Owncloud 4.5.9
Owncloud Owncloud 4.0.14
Owncloud Owncloud 4.0.8
Owncloud Owncloud 4.0.1
Owncloud Owncloud 4.0.6
Owncloud Owncloud 4.0.5
Owncloud Owncloud 4.0.16
Owncloud Owncloud 4.5.0
Owncloud Owncloud 4.5.2
Owncloud Owncloud 4.0.2
Owncloud Owncloud 3.0.0
1 EDB exploit
450
VMScore
CVE-2014-0098
The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server prior to 2.4.8 allows remote malicious users to cause a denial of service (segmentation fault and daemon crash) via a crafted cookie that is not properly handled during truncation.
Apache Http Server
Oracle Secure Global Desktop 4.71
Oracle Http Server 12.1.3.0
Oracle Secure Global Desktop 4.63
Oracle Http Server 12.1.2.0
Oracle Http Server 11.1.1.7.0
Oracle Http Server 10.1.3.5.0
Oracle Secure Global Desktop 5.0
Oracle Secure Global Desktop 5.1
Canonical Ubuntu Linux 13.10
Canonical Ubuntu Linux 12.10
Canonical Ubuntu Linux 10.04
Canonical Ubuntu Linux 12.04
755
VMScore
CVE-2013-1349
Eval injection vulnerability in ajax.php in openSIS 4.5 up to and including 5.2 allows remote malicious users to execute arbitrary PHP code via the modname parameter.
Os4ed Opensis 4.5
Os4ed Opensis 4.6
Os4ed Opensis 4.7
Os4ed Opensis 4.8
Os4ed Opensis 4.8.1
Os4ed Opensis 4.9
Os4ed Opensis 5.0
Os4ed Opensis 5.1
Os4ed Opensis 5.2
1 EDB exploit
435
VMScore
CVE-2012-1912
Cross-site scripting (XSS) vulnerability in preferences.php in PHP Address Book 7.0 and previous versions allows remote malicious users to inject arbitrary web script or HTML via the from parameter. NOTE: the index.php vector is already covered by CVE-2008-2566.
Chatelao Php Address Book 5.3
Chatelao Php Address Book
Chatelao Php Address Book 6.1.4
Chatelao Php Address Book 6.2.2
Chatelao Php Address Book 3.1
Chatelao Php Address Book 3.3.18
Chatelao Php Address Book 3.2.12
Chatelao Php Address Book 3.3.10
Chatelao Php Address Book 3.4.8
Chatelao Php Address Book 3.3.12
Chatelao Php Address Book 3.1.1
Chatelao Php Address Book 3.1.6
Chatelao Php Address Book 2.4
Chatelao Php Address Book 6.2.1
Chatelao Php Address Book 3.3.16
Chatelao Php Address Book 6.2.9
Chatelao Php Address Book 3.2
Chatelao Php Address Book 6.1
Chatelao Php Address Book 5.4.7
Chatelao Php Address Book 6.0
Chatelao Php Address Book 6.2.3
Chatelao Php Address Book 2.2
1 EDB exploit
755
VMScore
CVE-2012-1911
Multiple SQL injection vulnerabilities in PHP Address Book 6.2.12 and previous versions allow remote malicious users to execute arbitrary SQL commands via the (1) to_group parameter to group.php or (2) id parameter to vcard.php. NOTE: the edit.php vector is already covered by CVE...
Chatelao Php Address Book 5.3
Chatelao Php Address Book 6.1.4
Chatelao Php Address Book 6.2.2
Chatelao Php Address Book 3.1
Chatelao Php Address Book 3.3.18
Chatelao Php Address Book 3.2.12
Chatelao Php Address Book 3.3.10
Chatelao Php Address Book 3.4.8
Chatelao Php Address Book 3.3.12
Chatelao Php Address Book 3.1.1
Chatelao Php Address Book 3.1.6
Chatelao Php Address Book 2.4
Chatelao Php Address Book 6.2.1
Chatelao Php Address Book 3.3.16
Chatelao Php Address Book 6.2.9
Chatelao Php Address Book 3.2
Chatelao Php Address Book 6.1
Chatelao Php Address Book 5.4.7
Chatelao Php Address Book 6.0
Chatelao Php Address Book 6.2.3
Chatelao Php Address Book 2.2
Chatelao Php Address Book 5.7
1 EDB exploit
510
VMScore
CVE-2012-3996
TikiWiki CMS/Groupware 8.3 and previous versions allows remote malicious users to obtain the installation path via a direct request to (1) admin/include_calendar.php, (2) tiki-rss_error.php, or (3) tiki-watershed_service.php.
Tiki Tikiwiki Cms/groupware 3.2
Tiki Tikiwiki Cms/groupware
Tiki Tikiwiki Cms/groupware 4.1
Tiki Tikiwiki Cms/groupware 3.1
Tiki Tikiwiki Cms/groupware 7.2
Tiki Tikiwiki Cms/groupware 7.1
Tiki Tikiwiki Cms/groupware 6.1
Tiki Tikiwiki Cms/groupware 6.0
Tiki Tikiwiki Cms/groupware 2.2
Tiki Tikiwiki Cms/groupware 8.1
Tiki Tikiwiki Cms/groupware 3.0
Tiki Tikiwiki Cms/groupware 3.3
Tiki Tikiwiki Cms/groupware 5.0
Tiki Tikiwiki Cms/groupware 8.0
Tiki Tikiwiki Cms/groupware 5.2
Tiki Tikiwiki Cms/groupware 4
Tiki Tikiwiki Cms/groupware 4.2
Tiki Tikiwiki Cms/groupware 5.3
Tiki Tikiwiki Cms/groupware 4.0
Tiki Tikiwiki Cms/groupware 3.5
Tiki Tikiwiki Cms/groupware 6.2
Tiki Tikiwiki Cms/groupware 3.4
2 EDB exploits